grafana/hack/make-aggregator-pki.sh

#!/usr/bin/env sh

set -o errexit
set -o nounset
set -o pipefail

rm -rf data/grafana-aggregator

mkdir -p data/grafana-aggregator

openssl req -nodes -new -x509 -keyout data/grafana-aggregator/ca.key -out data/grafana-aggregator/ca.crt \
  -subj "/C=US/ST=New Sweden/L=Stockholm /O=Grafana/OU=R&D/CN=test-ca/emailAddress=test@grafana.app" -days 3650
openssl req -out data/grafana-aggregator/client.csr -new -newkey rsa:4096 -nodes -keyout data/grafana-aggregator/client.key \
  -subj "/CN=development/O=system:masters" \
  -addext "extendedKeyUsage = clientAuth"
openssl x509 -req -days 3650 -in data/grafana-aggregator/client.csr -CA data/grafana-aggregator/ca.crt -CAkey data/grafana-aggregator/ca.key \
  -set_serial 01 \
  -sha256 -out data/grafana-aggregator/client.crt \
  -copy_extensions=copyall

openssl req -out data/grafana-aggregator/server.csr -new -newkey rsa:4096 -nodes -keyout data/grafana-aggregator/server.key \
  -subj "/CN=localhost/O=aggregated" \
  -addext "subjectAltName = DNS:v0alpha1.example.grafana.app.default.svc,DNS:localhost" \
  -addext "extendedKeyUsage = serverAuth, clientAuth"
openssl x509 -req -days 3650 -in data/grafana-aggregator/server.csr -CA data/grafana-aggregator/ca.crt -CAkey data/grafana-aggregator/ca.key \
  -set_serial 02 \
  -sha256 -out data/grafana-aggregator/server.crt \
  -copy_extensions=copyall

# Apply broad permissions to certificates/keys so that containers passing these around for
# tests don't run into permission related errors
chmod 755 data/grafana-aggregator/*.*
K8s e2e tests: adds e2e package and 10 year certs (#91557) 2024-08-05 19:29:36 -05:00			`#!/usr/bin/env sh`
Grafana app platform: an aggregator cmd and package (#79948) 2024-01-08 14:33:42 -06:00
			`set -o errexit`
			`set -o nounset`
			`set -o pipefail`

			`rm -rf data/grafana-aggregator`

			`mkdir -p data/grafana-aggregator`
K8s: add a remote services file config option to specify aggregation config (#83646) 2024-02-29 19:29:05 -06:00
K8s e2e tests: adds e2e package and 10 year certs (#91557) 2024-08-05 19:29:36 -05:00			`openssl req -nodes -new -x509 -keyout data/grafana-aggregator/ca.key -out data/grafana-aggregator/ca.crt \`
			`-subj "/C=US/ST=New Sweden/L=Stockholm /O=Grafana/OU=R&D/CN=test-ca/emailAddress=test@grafana.app" -days 3650`
K8s: add a remote services file config option to specify aggregation config (#83646) 2024-02-29 19:29:05 -06:00			`openssl req -out data/grafana-aggregator/client.csr -new -newkey rsa:4096 -nodes -keyout data/grafana-aggregator/client.key \`
			`-subj "/CN=development/O=system:masters" \`
			`-addext "extendedKeyUsage = clientAuth"`
K8s e2e tests: adds e2e package and 10 year certs (#91557) 2024-08-05 19:29:36 -05:00			`openssl x509 -req -days 3650 -in data/grafana-aggregator/client.csr -CA data/grafana-aggregator/ca.crt -CAkey data/grafana-aggregator/ca.key \`
K8s: add a remote services file config option to specify aggregation config (#83646) 2024-02-29 19:29:05 -06:00			`-set_serial 01 \`
			`-sha256 -out data/grafana-aggregator/client.crt \`
			`-copy_extensions=copyall`

			`openssl req -out data/grafana-aggregator/server.csr -new -newkey rsa:4096 -nodes -keyout data/grafana-aggregator/server.key \`
			`-subj "/CN=localhost/O=aggregated" \`
			`-addext "subjectAltName = DNS:v0alpha1.example.grafana.app.default.svc,DNS:localhost" \`
			`-addext "extendedKeyUsage = serverAuth, clientAuth"`
K8s e2e tests: adds e2e package and 10 year certs (#91557) 2024-08-05 19:29:36 -05:00			`openssl x509 -req -days 3650 -in data/grafana-aggregator/server.csr -CA data/grafana-aggregator/ca.crt -CAkey data/grafana-aggregator/ca.key \`
K8s: add a remote services file config option to specify aggregation config (#83646) 2024-02-29 19:29:05 -06:00			`-set_serial 02 \`
			`-sha256 -out data/grafana-aggregator/server.crt \`
			`-copy_extensions=copyall`
K8s e2e tests: adds e2e package and 10 year certs (#91557) 2024-08-05 19:29:36 -05:00
			`# Apply broad permissions to certificates/keys so that containers passing these around for`
			`# tests don't run into permission related errors`
			`chmod 755 data/grafana-aggregator/.`